Buffer Overflow Attack Lab

Analyzed buffer overflow vulnerabilities in 32-bit environments — stack smashing, heap overflow, format string attacks. Evaluated ASLR and stack canary countermeasures using GDB.

Tags: C · GDB · x86 ASM · ASLR · Linux · Shell
3 attack vectors · x86 architecture · root privilege level
Type: Security Research
Status: Completed
Year: 2024
Role: Solo Researcher
Architecture Diagram

  • Vulnerable Binary (C / 32-bit)
  • Crafted Input (payload / shellcode)
  • Stack Overflow (return address overwrite)
  • Heap Overflow (metadata corruption)
  • Format String (%x / %n)
  • GDB Analysis (registers, stack trace)
  • ASLR Bypass (countermeasure test)
  • Root Access (privilege escalation)
Screenshots & Output

GDB session (live debugging with stack traces):
$ gdb -q ./vulnerable_program
Reading symbols from ./vulnerable_program...done.
(gdb) run $(python3 -c "print('A'*76 + '\xef\xbe\xad\xde')")
Program received signal SIGSEGV, Segmentation fault.
0xdeadbeef in ?? ()
(gdb) x/20x $esp
0xffffd620: 0x41414141 0x41414141 0xdeadbeef 0x00000000
✓ Return address overwrite confirmed at offset 76
✓ Shell payload injected → root access obtained
$
Exploit success rates (attack vector effectiveness):
  • Stack Smash: 95%
  • Heap Overflow: 88%
  • Format String: 82%
  • ASLR Bypass: 74%
  • Canary Defeat: 70%
Data output:
{
"attack_type": "stack_smashing",
"offset": 76,
"payload": "'A'*76 + ret_addr",
"target": "32-bit Linux ELF",
"mitigations_tested": ["ASLR", "canary"],
"result": "root_shell_obtained"
}
Memory Map: process memory layout (image not reproduced here)

Project Structure (exploit file organization):
📁 buffer-overflow-lab/
├─ vulnerable.c Target program
├─ exploit.py Stack smash
├─ heap_exploit.py Heap overflow
├─ format_str.py Format string
├─ gdb_notes.txt Debug log
└─ report.pdf Lab writeup
What I Built

Analyzed buffer overflow vulnerabilities in 32-bit environments, identifying security weaknesses.

Manipulated memory locations and return addresses to bypass execution restrictions.

Developed and tested exploit code to achieve root access via code injection and privilege escalation.

Explored stack smashing, heap overflow, and format string attacks to evaluate security risks.

Debugged and traced memory allocations using GDB, monitoring registers and stack behavior.

Conducted post-exploit analysis testing ASLR and stack protection countermeasures.

Project Insights

Personal Notes & Learnings

What I Explored

Deep-dive into memory exploitation in controlled 32-bit Linux environments.

Attack Vectors Tested

  • Stack smashing: Overwriting return address to redirect execution
  • Heap overflow: Corrupting heap metadata for arbitrary writes
  • Format string: Using %n to write to arbitrary memory locations
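
To make the countermeasure side of the stack-smashing vector concrete, here is an added C example (not the lab's vulnerable.c, which this page does not reproduce): the unbounded-copy pattern that an offset-76 return address overwrite relies on, next to a bounded copy that rejects input that would not fit. The 64-byte buffer size, the function names and the constructed test input are assumptions.

```c
#include <stddef.h>
#include <string.h>

#define BUF_SIZE 64   /* assumed size of the lab's stack buffer (the page does not give it) */

/* Vulnerable pattern: unbounded strcpy into a fixed stack buffer. Input longer
 * than the buffer runs over the saved frame pointer and return address, which
 * is what an 'A'*76 + ret_addr payload relies on. Kept only for comparison. */
int vulnerable_copy(const char *input)
{
    char buf[BUF_SIZE];
    strcpy(buf, input);              /* no length check: classic stack smash */
    return (int)strlen(buf);
}

/* Hardened form: the walk over src is bounded by the destination size, and an
 * input that would not fit (terminator included) is rejected, not truncated,
 * so the caller can log it and drop it. Returns bytes copied, or -1. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t n = 0;
    if (dst_size == 0) return -1;
    while (n < dst_size && src[n] != '\0')  /* never reads past dst_size bytes */
        n++;
    if (n == dst_size) return -1;           /* no room for the terminator */
    memcpy(dst, src, n + 1);
    return (int)n;
}

/* Same entry point as vulnerable_copy, using the bounded copy instead. */
int hardened_copy(const char *input)
{
    char buf[BUF_SIZE];
    return bounded_copy(buf, sizeof buf, input);
}

/* Constructed test input with the lab's payload shape: n_filler 'A' bytes
 * followed by a 4-byte little-endian address (0xdeadbeef). n_filler < 252. */
const char *lab_input(size_t n_filler)
{
    static char s[256];
    if (n_filler > sizeof s - 5) n_filler = sizeof s - 5;
    memset(s, 'A', n_filler);
    memcpy(s + n_filler, "\xef\xbe\xad\xde", 4);
    s[n_filler + 4] = '\0';
    return s;
}
```

Building the target with -fstack-protector adds the canary check the lab evaluated, but the bounded copy stops the overlong input before it ever reaches the saved frame.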

Key Insight

ASLR significantly raises the difficulty but does not prevent exploitation when combined with information leaks that reveal base addresses.

EC-Council Connection

This lab reinforced and extended my Ethical Hacking Essentials certification curriculum.
